CVE-2017-3872

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. More Information: CSCvc21620. Known Affected Releases: 10.5(2.14076.1). Known Fixed Releases: 12.0(0.98000.641) 12.0(0.98000.500) 12.0(0.98000.219).

Ссылки

http://www.securityfocus.com/bid/96916
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038036
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm
Vendor Advisory
http://www.securityfocus.com/bid/96916
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id/1038036
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170315-ucm
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.14076.1\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*

cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00439

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-vv88-3pw7-jw7q

CVSS3: 6.1

github

больше 3 лет назад

BDU:2017-00686

fstec

почти 9 лет назад

Уязвимость системы управления IP-телефонией Cisco Unified Communications Manager, позволяющая нарушителю осуществлять межсайтовые сценарные атаки